When connecting to a destination that is running on WebLogic
Server 6.0 or earlier, the bridge destination must supply a
CLASSPATH that indicates the locations of the classes for
the earlier WebLogic Server implementation.

When connecting to a third-party JMS product, the bridge
destination must supply the product's CLASSPATH in the
WebLogic Server CLASSPATH.

The optional user name the adapter uses to access the bridge
destination.

All operations on the specified destination are done using this
user name and the corresponding password. Therefore, the User
Name/Password for the source and target destinations must have
permission to the access the underlying destinations in order for
the messaging bridge to work.

The user password that the adapter uses to access the bridge
destination.

As of 8.1 sp4, when you get the value of this attribute,
WebLogic Server does the following:

Retrieves the value of the UserPasswordEncrypted
attribute.

Decrypts the value and returns the unencrypted password as a
String.

When you set the value of this attribute, WebLogic Server does
the following:

Encrypts the value.

Sets the value of the UserPasswordEncrypted
attribute to the encrypted value.

Using this attribute (UserPassword) is a potential
security risk because the String object (which contains the
unencrypted password) remains in the JVM's memory until garbage
collection removes it and the memory is reallocated. Depending on
how memory is allocated in the JVM, a significant amount of time
could pass before this unencrypted data is removed from memory.